
macOS hit by ‘MaMi’ malware targeting DNS settings: what it does, how to detect it and how to protect your Mac

The new macOS malware is a rehash of old Windows DNS hijacker.

  • Published: January 17, 2018 12:19 PM IST

Back in 2012, millions of Windows PCs were affected by the DNSChanger malware, and now a macOS version of the same attack has surfaced. Called ‘MaMi,’ the malware was first identified by security researcher Patrick Wardle.

Wardle spotted a post on the Malwarebytes forum in which a user said they had ‘accidentally installed something’ that led to DNS hijacking: even after the DNS entries were removed, the changed addresses kept coming back. The Malwarebytes software had flagged only one indicator, ‘MyCoupon,’ which is usually classed as nuisanceware. On closer inspection, the DNS entries suggested that something with a graver impact was going on.

Once it has infected the system, MaMi changes the DNS server settings and installs a root certificate. Even when victims manually change the DNS entries back, the malware persistently reverts them to its own malicious servers.

How does MaMi malware function?

Controlling the DNS servers means the criminals decide which IP address any hostname resolves to, so they can redirect users to ads they control or to malicious domains. The root certificate is what makes that control dangerous for encrypted traffic: once the attacker's certificate is trusted by the system, connections redirected to attacker-controlled servers can present HTTPS certificates the browser accepts without warning, which is how login credentials can be captured. Beyond the DNS hijack, the malware also contains code to take screenshots of the desktop and to run AppleScript, giving it the ability to execute arbitrary scripts, and to download and upload files, so it can both steal sensitive files and fetch additional scripts and modules.

How do you know if your system is compromised?

If your DNS server entries point to 82.163.143.135 or 82.163.142.137, your system may have been compromised by MaMi. Traffic to the associated domains angein.info, infolilovakia.info, inforegardens.info, infodefinitial.info and infohumption.info is also a sign of compromise.
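As an added example, not part of the original article and not Patrick Wardle's code, the following shell script checks a Mac against the indicators listed above. It reads the configured resolvers from `scutil --dns` and from each network service via `networksetup`, compares them with the two addresses, and scans any text fed to it (a DNS query log, /etc/hosts) for the listed domains. The indicator values are the ones quoted in this article; the function names and the log format the domain check expects are my own assumptions.

```shell
#!/bin/sh
# Added example, not code from the article or from Patrick Wardle: audit a Mac's DNS
# configuration and a text log against the MaMi indicators quoted in the article.
# The indicator values come from the article; the function names, the log format fed
# to check_domain_log and the use of scutil/networksetup output are my own assumptions.

# Indicators from the article: the two malicious resolvers and the associated domains.
MAMI_DNS_SERVERS="82.163.143.135 82.163.142.137"
MAMI_DOMAINS="angein.info infolilovakia.info inforegardens.info infodefinitial.info infohumption.info"

# Read resolver IPs, one per line, on stdin and print any that match an indicator.
# Exit status: 0 = clean, 1 = indicator found, so the function can drive an alert.
check_dns_servers() {
  hit=0
  while read -r server _; do            # first word only; surrounding whitespace is dropped
    [ -z "$server" ] && continue
    for ioc in $MAMI_DNS_SERVERS; do
      if [ "$server" = "$ioc" ]; then
        printf 'MaMi resolver configured: %s\n' "$server"
        hit=1
      fi
    done
  done
  return "$hit"
}

# Read arbitrary text on stdin (a DNS query log, /etc/hosts, a proxy log) and print each
# line that names one of the MaMi domains. Hostnames are case-insensitive, so compare
# in lower case. Exit status as above.
check_domain_log() {
  hit=0
  while IFS= read -r line; do
    lower=$(printf '%s' "$line" | tr '[:upper:]' '[:lower:]')
    for dom in $MAMI_DOMAINS; do
      case "$lower" in
        *"$dom"*) printf 'MaMi domain seen: %s\n' "$line"; hit=1; break ;;
      esac
    done
  done
  return "$hit"
}

# On a Mac, pull the live resolver list from the system configuration and from every
# network service, then run both checks. Returns 1 if anything matched.
audit_mac() {
  status=0
  if command -v scutil >/dev/null 2>&1; then
    # scutil --dns prints lines such as "  nameserver[0] : 82.163.143.135"
    scutil --dns | awk '/nameserver\[/ { print $3 }' | sort -u | check_dns_servers || status=1
  fi
  if command -v networksetup >/dev/null 2>&1; then
    # The first line of the service list is a legend; disabled services carry a leading '*'.
    networksetup -listallnetworkservices | tail -n +2 | sed 's/^\*//' |
      while IFS= read -r svc; do networksetup -getdnsservers "$svc"; done |
      check_dns_servers || status=1
  fi
  if [ -r /etc/hosts ]; then
    check_domain_log < /etc/hosts || status=1
  fi
  return "$status"
}

if audit_mac; then
  echo "No MaMi indicators found."
else
  echo "MaMi indicators found; see the lines above."
fi
```

Run it on the Mac in question, or source it and pipe a captured DNS query log into check_domain_log. A non-zero exit from audit_mac means an indicator matched; a clean run only shows that the machine is not pointing at these two resolvers right now, not that it is free of malware.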

How to prevent MaMi malware from infecting your Mac?

As with DNSChanger on Windows, there is no single setting that stops MaMi from infecting a Mac. The practical defence is to monitor the DNS settings on your machines and to block traffic to the DNS servers and domains listed above at the network edge. Note also that resetting the DNS servers on its own is not a full clean-up: the certificate the malware installs has to be removed from the keychain as well, otherwise the attacker's certificate stays trusted.

It is also recommended that you install anti-virus and anti-malware software and keep it updated. As a general practice, keep your OS updated whenever updates are available, back up your data regularly, avoid unsolicited websites and avoid connecting to public Wi-Fi networks as far as possible. These steps will help keep your Mac safe from MaMi and similar malware.
